Consumer Reports has no financial relationship with advertisers on this site.
Zoom, which has encountered a spate of bad publicity over security and privacy vulnerabilities on its videoconferencing platform, is launching a number of updates this week to better protect consumers.
The coronavirus pandemic, which has forced most Americans to stay home, has triggered meteoric growth in Zoom’s traffic—from 10 million daily users in December to 300 million this month. But the sudden popularity has exposed a variety of problems in the platform, which was built primarily for business but is now used for everything from online guitar lessons to virtual happy hours.
These problems, and other smaller security and privacy flaws, prompted a class-action lawsuit and an investigation by the New York attorney general. The company then promised that it would suspend the development of new features for the next 90 days to focus solely on privacy and security issues.
In its latest round of changes, called Zoom 5.0, the company is enabling passwords for most meetings, which should help to prevent Zoombombing, a recent phenomenon in which intruders gain unauthorized access to a meeting and disrupt it.
The company has also changed its interface to make it more difficult for participants to share the meeting ID accidentally, which can expose a meeting to Zoombombers. Another feature now turned on by default is the virtual waiting room, which allows meeting hosts to vet unknown participants before allowing them to enter a meeting.
Zoom has also created a “security icon,” which consolidates a number of important controls that allow a host to quickly and easily lock a meeting, restrict chat or screensharing, and, if necessary, remove a participant. These aren’t new features, but before the update, they had previously been scattered throughout the platform. One new feature is the ability to report a disruptive user directly to Zoom through the security icon.
“It’s great to see Zoom implementing features quickly and rolling them out to users,” says Consumer Reports privacy tester Bill Fitzgerald. “The real test is whether or not the features work as advertised, and whether the people and organizations most affected by Zoom’s flaws experience an immediate benefit.”
Most of these revised features were highlighted in a Consumer Reports article about a tech-savvy CR member who helped his California synagogue navigate the transition from in-person meetings and services to virtual ones.
As part of its 90-day pledge, Zoom also improved its encryption methods. However, despite the improvements—to a standard called AES 256-bit GCM—the platform still doesn’t employ full end-to-end encryption, which is considered the best option by security experts for protecting data in transit. Business clients can now also determine which data centers control their traffic, a response to a report that some traffic was routed to servers in China.
How to Use Zoom More Safely
If you’re using Zoom, here are a few steps you can take to enhance your privacy and security.
The most basic precaution is to assume that anything you say or do in a Zoom meeting could be recorded by the meeting host and possibly other participants. These recordings can be shared with third parties who weren’t in the original meeting.
If you’re the host, you should turn on the option that notifies participants that you intend to record the meeting and ask for their consent.
To prevent Zoombombing, don’t share meeting links, and urge other participants not to share them, either.
If you’re in a meeting at home, pay attention to your surroundings. Users who don’t want clients and coworkers to see the books on a shelf or the dirty dishes in the sink can use a photo from their hard drive as a background; the feature works well.
Consumer Reports is an independent, nonprofit organization that works side by side with consumers to create a fairer, safer, and healthier world. CR does not endorse products or services, and does not accept advertising. Copyright © 2020, Consumer Reports, Inc.